A Shai-Hulud Miasma evolution supply chain attack targets AsyncAPI packages, injecting a multi-staged dropper into developer tools downloaded millions of times weekly
Breaking News: Multiple AsyncAPI npm packages compromised with a multi-staged dropper.
More details to follow.
Affected Packages
| Package name | Affected versions |
| @asyncapi/generator | 3.3.1 |
| @asyncapi/generator-components | 0.7.1 |
| @asyncapi/generator-helpers | 1.1.1 |
| @asyncapi/specs@ | 6.11.2, 6.11.2-alpha.1 |
Overview
This is a highly sophisticated, multi-stage supply chain attack. The malware functions as a hybrid info-stealer, crypto-stealer, and Remote Access Trojan (RAT). It actively attempts to confuse analysts by mimicking known campaigns (like Miasma) and targets developers and repository maintainers.
The malware has an Ethereum address embedded in it, but no transaction was detected relating to this address.
Impact
- The affected packages have over 2M weekly downloads.
Recommended Actions
Immediate Actions:
- Revoke and Rotate Tokens: Immediately revoke all developer tokens associated with npm, PyPI, and Cargo on any suspected machine.
- Monitor Peer-to-Peer Traffic: Flag or restrict traffic to standard BitTorrent bootstrap nodes (router.bittorrent.com, router.utorrent.com, dht.transmissionbt.com) and IPFS gateways (ipfs.io) on developer networks.
- Review Code Repositories: Audit recent commits and package releases on your organization’s public/private registries for unauthorized code injections (especially looking for embedded payloads in main JS files, bypassing post-install restrictions).
Technical Analysis

The malware is a highly sophisticated crypto-stealer, info-stealer, and full-blown RAT with a multi-stage dropper. It targets everything on the local machine, self-duplicates, and has many, many lines of code. How many?
91,973.

Since it does a huge number of things, we’re reviewing only the most interesting parts:
- Using legitimate infrastructure for storing data
- Using legitimate infrastructure as backup C2
- Using Torrent-based beaconing
- Self-duplication across npm, PyPI & Cargo
- Locale check for Russia, and termination if on a Russian machine
- Crypto wallet stealing, Cloud Configuration stealing & RAT behavior
The malware uses ipfs.io – a legitimate peer-to-peer network to store and share data – in order to store its malicious payload. Later on – it uses it as a fallback server in case the C2 server is not functional.

The malware also uses a wide array of backup communication nodes and beacons to keep communication alive even after the C2 fails, and to bypass network-based blocks.
This includes torrent URLs such as:
- router.bittorrent.com
- router.utorrent.com
- dht.transmissionbt.com

If the malware finds a working token for npm, PyPI, or Cargo, it tries to self-duplicate on the victim’s registry packages.

The malware contains multiple checks. If it runs inside a virtual machine, if there’s an EDR present, or if the current machine’s language is Russian. If so, it terminates itself to avoid detection or infection of unwanted machines.

The malware has the classic info-stealer/crypto-stealer logic, as we’ve seen in numerous other malicious campaigns.


The malware uses 85[.]137[.]53[.]71 as a remote C2 server.
The malware also embeds an Ethereum contract address – 0x12c37A86a0Ed0beBe5d1d6a43E42f07860eAc710 – although we didn’t manage to analyze exactly how it’s being used inside the code.

Although the malware has some similarities to the Shai-Hulud and Miasma campaigns, and it contains the Miasma string multiple times inside its code, this malware isn’t the same as them, nor is it attributed to the Miasma/Shai-Hulud/TeamPCP campaigns that we’ve seen in the past.

Conclusion
This supply chain attack hits in the middle of 2026, showing us that supply chain attacks are only getting worse, more complicated, and even managing to fight researchers psychologically. Attackers are aware of it being researched, and are using the Miasma name to mislead security engineers and hide the malware’s true attribution.
It also elevates the use of legitimate infrastructure as part of its hiding process, bypassing detection for sandboxed environments and EDRs, and tries not to self-infect its Russian creators, which we can deduce from the Russian language locale check.
npm’s v12 is out, blocking post-install scripts, but threat actors didn’t need to use them as they just embedded the malicious code inside the main JavaScript file without being blocked. This amplifies the message we extensively discussed in npm Is Fighting the Right War With the Wrong Weapons – and we don’t see this trend changing anytime soon.
IOCs
- 0x12c37A86a0Ed0beBe5d1d6a43E42f07860eAc710
- 85[.]137[.]53[.]71


